为什么不对密码进行哈希处理？

Question

I'm using Argon2 to hash my password, this is my code:

import { ForbiddenException, Injectable } from '@nestjs/common';
import { PrismaService } from 'src/prisma/prisma.service';
import { AuthDto } from './dto';
import * as argon from 'argon2';

  async signup(authDto: AuthDto) {
    // generate the password
    const hash = await argon.hash(authDto.password);
    console.log(`The hashed password is ${authDto.password}`);

    // save the new user in the db
    try {
      const user = await this.prisma.user.create({
        data: {
          email: authDto.email,
          hash: authDto.password,
          firstname: '',
          lastname: '',
        },
      });
      //delete user.hash;
      // return the saved user
      return user;
    } catch (error) {
      // test if the error is commimg from prisma
      if (error instanceof PrismaClientKnownRequestError) {
        // test if the field is duplicated
        if (error.code === 'P2002') {
          throw new ForbiddenException('Credentials taken'); //NestJS exception
        }
      }
      throw error;
    }
  }

When I print my hashed password, I find it not hashed.

PS: I'm using NestJS as nodeJS backend framework, and Manjaro Linux as OS, Argon2 as hash library.

Answer 1

After hashing the password you are still using the plaintext password for logging and storing it into the prisma db. The variable hash contains the hashed password.

Change the code to use the hash instead of authDto.password .

const hash = await argon.hash(authDto.password);
console.log(`The hashed password is ${hash}`);